[GH-ISSUE #1212] Offboarding Wizard fails if UPN does not match email address #672

New issue

Closed

opened 2026-03-02 12:44:14 +03:00 by kerem · 2 comments

kerem commented 2026-03-02 12:44:14 +03:00

Owner

Copy link

Originally created by @drew5901 on GitHub (Nov 10, 2022).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/1212

Description

1. Run offboarding wizard
2. Select tenant, select user, select options, run wizard
3. Receive error that "An error has occurred: Resource '' does not exist or one of its queried reference-property objects are not present" 403 - Request failed with status code 403

This users UPN is not the same as the users email address. The account does sync to O365 from an on-prem AD via AD connect. The only options selected should be able to be managed in O365 without changing anything in Active Directory unless is errors out because "remove from all groups" would include groups from AD.

Environment data

hosted in Azure

Originally created by @drew5901 on GitHub (Nov 10, 2022). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/1212 ### Description 1) Run offboarding wizard 2) Select tenant, select user, select options, run wizard 3) Receive error that "An error has occurred: Resource '<email address>' does not exist or one of its queried reference-property objects are not present" 403 - Request failed with status code 403 This users UPN is not the same as the users email address. The account does sync to O365 from an on-prem AD via AD connect. The only options selected should be able to be managed in O365 without changing anything in Active Directory unless is errors out because "remove from all groups" would include groups from AD. ### Environment data ```PowerShell hosted in Azure ```

kerem 2026-03-02 12:44:14 +03:00

• closed this issue
• added the
  bug
  unconfirmed-by-user
  labels

kerem commented 2026-03-02 12:44:15 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Nov 10, 2022):

Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://kelvintegelaar.github.io/CIPP
If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.".

Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

<!-- gh-comment-id:1310317435 --> @github-actions[bot] commented on GitHub (Nov 10, 2022): Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://kelvintegelaar.github.io/CIPP If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.". Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

kerem commented 2026-03-02 12:44:15 +03:00

Author

Owner

Copy link

@KelvinTegelaar commented on GitHub (Nov 11, 2022):

The issue that the users UPN does not match their primary email address is actually an issue for MS's side too; this is an unsupported M365 configuration since recently. If you really want to have unmatching UPNs Microsoft recommends this article to understand all the limitations that you'll have:

https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configuring-alternate-login-id#what-is-alternate-login-id

So to summerize; this is an unsupported/not recommended M365 configuration, and thus not a CIPP issue.

<!-- gh-comment-id:1311613048 --> @KelvinTegelaar commented on GitHub (Nov 11, 2022): The issue that the users UPN does not match their primary email address is actually an issue for MS's side too; this is an unsupported M365 configuration since recently. If you really want to have unmatching UPNs Microsoft recommends this article to understand all the limitations that you'll have: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configuring-alternate-login-id#what-is-alternate-login-id So to summerize; this is an unsupported/not recommended M365 configuration, and thus not a CIPP issue.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

docs

dev

dependabot/npm_and_yarn/dev/uiw/react-json-view-2.0.0-alpha.42

dependabot/npm_and_yarn/dev/tanstack/react-query-persist-client-5.96.2

dependabot/npm_and_yarn/dev/mui-tiptap-1.30.0

dependabot/npm_and_yarn/dev/tanstack/react-query-devtools-5.96.2

dependabot/npm_and_yarn/dev/recharts-3.8.1

dependabot/github_actions/dev/actions/setup-node-6.4.0

copilot/add-alert-for-report-only-ca

release/beta

release/nightly

docs-maintenance

v10.4.0

v10.3.0

v10.2.0

v10.1.0

v10.0.0

v8.8.0

v8.7.0

v8.6.0

v8.5.0

v8.4.0

v8.3.0

v8.2.0

v8.1.0

v8.0.0

v7.5.0

v7.4.0

v7.3.0

v7.2.0

v7.1.0

v7.0.1

v6.4.0

v6.3.0

v6.2.0

v6.1.0

v6.0.0

v5.9.0

v5.8.5

v5.8.0

v5.7.0

v5.6.0

v5.5.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v5.0.0

v4.9.0

v4.8.0

v4.7.0

v.4.6.0

v4.5.0

v4.4.0

v4.3.0

v4.2.0

v4.1.0

v4.0.0

v3.8.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v3.0.0

v2.20.0

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.13.0

v2.12.0

v2.11.2

v2.1.11.0

v.2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.5

v2.5.0

v2.4.0

v.2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

2.0.0

v1.5.1

v1.5.0

v1.4.3

v1.4.2

v1.4.0

v1.3.0

v1.2.1

v1.2.0

1.1.0

release

Labels

Clear labels   

API

  

Feature

  

NotABug

  

NotABug

  

Planned

  

Sponsor Priority

  

Sponsor Priority

  

bug

  

documentation

  

duplicate

  

enhancement

  

needs more info

  

no-activity

  

no-priority

  

not-assigned

  

pull-request

Mirrored from GitHub Pull Request

  

react-conversion

  

react-conversion

  

roadmap

  

security

  

stale

  

unconfirmed-by-user

  

unconfirmed-by-user

  

wontfix

No labels

API

Feature

NotABug

NotABug

Planned

Sponsor Priority

Sponsor Priority

bug

documentation

duplicate

enhancement

needs more info

no-activity

no-priority

not-assigned

pull-request

react-conversion

react-conversion

roadmap

security

stale

unconfirmed-by-user

unconfirmed-by-user

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/CIPP#672

No description provided.